[24173] in bugtraq
Re: Infecting the KaZaA network?
daemon@ATHENA.MIT.EDU (the Pull)
Thu Feb 7 16:43:42 2002
Message-ID: <20020207054421.74056.qmail@web12505.mail.yahoo.com>
Date: Wed, 6 Feb 2002 21:44:21 -0800 (PST)
From: the Pull <osioniusx@yahoo.com>
To: Andrew McClymont <andrewmcclymont@d-link.net>, bugtraq@securityfocus.com
In-Reply-To: <00dc01c1af4a$5fe7ec00$2200000a@centro.losgraneros.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
It is standard in p2p software that uses distributed
downloading to use cryptographic hashes (Swarmcast,
bittorrent, MojoNation, etc)... largely to prevent
such things.
I don't see any mention of "hash" on their site:
http://www.google.com/search?q=site:www.kazaa.com+hash&hl=en
But, it would be ludicrous if they didn't.
--- Andrew McClymont <andrewmcclymont@d-link.net>
wrote:
> I just found out a folder named "My shared folder"
> under the KaZaA
> installation folder.
>
> Inside "My shared folder" there were various KaZaA
> installshield
> packages (exe files).
>
> Now, the people at FastTrack promotes their engine
> as a distributed way
> to send files to end users. This is seen whe you
> download KaZaA, you get
> a little exe (500 k) that downloads the full KaZaA
> client from one of
> its users, I would guess, from the "My shared
> folder".
>
> What happens if I infect the files under "My shared
> folder" with a virii
> or some trojan, every user that gets their KaZaA
> client from my computer
> gets screwed, right? And then, the victim himself
> will be sharing the
> KaZaA client infected to new victims.
>
> Just wondering... Have a nice day!!
> -Andrew McClymont
>
__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com
